Information Security Specialist in London

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, or related field.
• 2+ years of experience in information security risk management or similar role.
• Knowledge and expertise with a wide range of security/risk management governance, guidance, compliance concepts and documentation such as NIST 800-53, NIST Cybersecurity Framework (CSF), ISO or equivalent.
• Experience using and administrating GRC tooling.
• Proficient with Windows and Linux, including Active Directory and EntraID.
• Strong analytical, good organizational, effective communication, and presentation skills.
• Flexibility in work given and ability to actively research how to perform new tasks.
• Proficient in using Microsoft Teams, Excel, PowerPoint, Word and AI tools (Copilot, ChatGPT and others).
• Experience with GenAI coding assistance and leveraging AI to improve processes.
• CISSP, CRISC, CISM or other related security certifications.

What the job involves

• The Information Security Specialist is responsible for supporting enterprise-wide cyber risk management and governance activities.
• This role requires a strong foundation in information technology and internal controls, along with proficiency in security frameworks and a solid understanding of cybersecurity risk management practices.
• The individual will collaborate across global teams to assess risks, recommend and implement robust security controls, and contribute to the development and maintenance of information security policies and standards.
• This role also supports both local and global regulatory compliance efforts, including identifying control gaps and assisting in risk remediation activities.
• The position plays a key role in enhancing the efficiency and effectiveness of security processes through standardization, consistency, and continuous improvement initiatives.
• This role contributes to the broader mission of the Information Security function by helping protect the organization’s people, assets, and reputation through strong governance, optimized controls, and scalable security practices.
• Maintain assurance and governance activities related to organization-specific security compliance methodologies that demonstrate our security governance to management and other key stakeholders including regulators, auditors, and boards.
• Develop and maintain security policies, procedures, and guidelines according to industry best practices and regulatory requirements.
• Conduct regular security controls testing to evaluate the effectiveness of existing security systems and procedures and recommend improvements.
• Conduct comprehensive risk assessments to identify potential risks in the organization’s IT infrastructure and oversee the lifecycle of any security risks, ensuring that remediation is agreed, effective, and timely.
• Prepare regular reports on the organization’s cyber risk posture for presentation to senior management.
• Foster strong partnerships and collaborate regularly with other departments communicating security issues, obtaining additional information as needed, and providing status of remediation to security management.
• Assist with regulatory exams by obtaining documentation, drafting responses, and helping develop security action plans.
• Stay current with the latest cybersecurity regulatory standards, trends, threats, and technologies, and provide recommendations for improvement.